Dutch media players sold with worm

Fujack worm can steal passwords

By Jeremy Kirk | 07 January 08

A batch of digital media players sold by a Dutch importer over Christmas have been infected with a worm.

One user discovered Worm.Win32.Fujack.aa after opening the Victory LT-200, a 512MB USB media player sold by Victory Nederland, wrote Roel Schouwenberg, a senior research engineer, for Kaspersky Lab, on a company blog.

At least one other variant of the Fujack worm has been observed to spread other programs that can steal passwords for online games, according to information previously published by Kaspersky.

"We've contacted the company concerned," Schouwenberg wrote. "It told us it was aware that a few months ago there was a partially infected batch of these MP3 players, and that it had taken steps to fix the problem."

A Victory employee contacted today said the company knows of the problem, but further information was not immediately available.

Worms and viruses on removable storage devices can be particularly dangerous since the applications can be set to automatically run when the devices are plugged into a PC running Windows XP, Schouwenberg wrote.

Microsoft fixed this in its Vista OS, which prompts a user before automatically running a program.

It's not the first time storage drives have been infected at some point during the manufacturing process. Seagate warned in November that a small number of its Maxtor drives were infected with a malicious software program that also stole passwords for online games.

The malware targeted the popular World of Warcraft game, as well as the Chinese games QQ, WSGame and AskTao.

The best countermeasure for users is to ensure antivirus software is up-to-date and scan new drives for malware upon connection to a PC.

"This case shows clearly that you should always exercise caution when handling unknown external storage media, whether it's fresh out of the box or passed to you by a friend or colleague," Schouwenberg wrote.